Wednesday, 4 October 2017

How to Securely Wipe the Free Space on Your Windows PC

This is mostly copied from an excellent article on the GroovyPost Website by Lori Kaufman, Oct 3 2017
with some additional text by me

Original article

When you delete files from your hard drive, did you know that the file never actually gets deleted from your hard drive and is normally able to be recovered using readily available recovery tools? Normally this isn’t an issue as we use our computer each day. However, if you’re planning to sell or donate your computer and don’t want your old data to be recoverable, follow the steps below to wipe the free space on your hard drive. The process is the same and will work on Windows 7, 8 and Windows 10.

People often say to me “there is nothing on my hard drive that I care about if someone sees”,  but bear in mind that an experienced hacker can build a profile of someone from a set of files on a PC, and can often guess passwords, or find those passwords within those files. This leaves a person vulnerable to Identity theft, with all the ensuing headaches.

What really happens when you delete a file?
When you delete a file on your computer, the only thing that’s removed is the reference to it in the master file table. The file still exists on your hard drive, however Windows just doesn’t know where the file is. This is because as mentioned earlier, you’re only removing the indexes and the links to the data and telling Windows it has permission to overwrite that area of the hard drive.
So, until (and possibly after) the data is written over, it can be recovered by special tools or the right set of skills. The tools, or an experienced hacker, can scan the hard drive and look for the files and restore the links and indexes so Windows can see the files again. If you’re selling a computer, or even disposing of one, you should securely wipe the free space on your PC’s hard drive so the files cannot be recovered.
(if the computer is old, and is simply headed for the recycle depot, you could just remove the hard drive and drill a hole in it, to render it inoperable, but make sure that hole, or holes, goes right through the middle of the hard drive)
Here is how to use the cipher command on the command line to securely write over the free space several times to make sure no data can be recovered. There are also some third-party tools that do the same thing.

Before using the cipher command to securely overwrite the free space on your hard drive, be sure you quit all programs. That ensures the maximum amount of free space is securely wiped.
Click the Cortana icon or the Search icon on the Taskbar and start typing “command prompt”. Then, click Command Prompt under Best match.


Type the following command at the prompt and press Enter.
cipher /w:C

Data that is not allocated to any files or folders is overwritten three times and permanently removed. This can take a long time if you are overwriting a large amount of free space.
Cipher goes through the following steps as it securely wipes the free space on your hard drive.
1.    The cipher command automatically creates a new folder on the C drive called EFSTMPWP and then creates a file in that folder with nothing but zeros in it. It will grow until the hard drive fills up.
2.    Then, cipher deletes that file and creates a second file which is filled with the number 255 repeatedly until the file grows big enough to fill the free space on the hard drive again.
3.    Next, cipher deletes the second file, creates a third file, and fills that with random numbers until your hard drive is full again.
4.    Finally, cipher deletes the third file and returns you to the prompt. Type exit at the prompt to close the Command Prompt window.
So, essentially, cipher wrote over the free space (old files) on your hard drive three times to make sure no one could ever scan your hard drive and recover the data you deleted from it.
If you watch your hard drive space, as cipher does its thing, don’t be surprised when you see your hard drive fill up. This is normal as mentioned in the steps above and the space will be freed again.


If you’re not comfortable using the command line, there’s a free utility called CCleaner that allows you to securely wipe the free space on your hard drive.
Be sure you install or update to the latest version.
There are two versions of CCleaner, free and paid. The feature that wipes the free space on your hard drive is available in the free version, so that will do just fine.
Once you’ve downloaded CCleaner and installed it, or updated it, open the program and click Tools on the left pane. Choose Free Space Only from the Wipe drop-down list. Make sure you DO NOT select Entire Drive, as this will erase ALL the files on your hard drive—unless that is what you mean to do. If you’re getting rid of the PC, you can use the Entire Drive option to wipe the entire drive. Be very careful when making this selection.
Select the type of overwrite procedure you want from the Security drop-down list. Simple Overwrite is fine for most situations. However, if you want CCleaner to behave like the cipher command, select Advanced Overwrite (3 passes). Finally, select the drive on which you want to securely wipe the free space in the Drives box and click Wipe.


Another option for making sure your deleted data cannot be recovered is to delete your files and folders securely in the first place.
Eraser is a free, advanced security tool for Windows that allows you to securely delete data from your hard drive by overwriting it several times with carefully selected patterns, like the cipher command and CCleaner. The difference is you can do this when you delete the files and folders, not after. You can also securely wipe the free space on your hard drive to be extra safe.
When you download Eraser and install it, an option is added to the context (right-click) menu in File Explorer. Instead of deleting files and folders normally by pressing the Delete key, sending them to the recycle bin, and then emptying the recycle bin, you can use Eraser directly in File Explorer to securely delete files and folders.
To securely delete one or more files or folders, select what you want to delete, right-click on the selection, and then go to Eraser > Erase on the popup menu.

If you are uncomfortable with any of these options, but you are selling, gifting, or disposing of a PC, ask someone you trust to run one of these commands or software options for you. Even if you have to pay  for their time, it’s worth it for the peace of mind of knowing that your data cannot be compromised.

No comments:

Post a Comment

Add a comment